The hidden risk of attestation none: the user might (gasp) use a libre authenticator!
This same ordeal is why lots of Android software is intentionally broken on non-Google operating systems, and it would be a terrible blow for the web if it worked like that for every website with a login. Passkeys are that future, and it's very hard to take anyone who encourages their use seriously. Encouraging attestation, like here, is even worse.
2 comments
[ 4.7 ms ] story [ 13.1 ms ] threadThis same ordeal is why lots of Android software is intentionally broken on non-Google operating systems, and it would be a terrible blow for the web if it worked like that for every website with a login. Passkeys are that future, and it's very hard to take anyone who encourages their use seriously. Encouraging attestation, like here, is even worse.